This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.
However, even if the method is not private you can secure it by never referencing it (i.e. using an inner bean when declaring it). This may sound like a risk, but if a user got a hold of an instance of an Object that was not woven with the Security Aspect it would have the same problems. In fact, weaving proxy based aspects is essentially creating an inner bean of the unsecured class and wrapping it with the Security Aspect.